AnsweredAssumed Answered

SSO authorization for ad users with spaces in their names

Question asked by bierdosenhalter on Apr 16, 2013
Latest reply on Apr 17, 2013 by speedy

Hello

I'm using Openfire
3.8.1 with Windows Server 2008 R2 and Spark 2.6.3 Clients on XP, Win 7 and 8.

I have recently switched to SSO using this tutorial: http://community.igniterealtime.org/docs/DOC-1362

Login for users with no blank spaces in their usernames works without any flaws.

But: Users with blank spaces in the username get following error message:
Single Side Logon Failed - Please check your preferences

 

The openfire debug shows the following for User "Test Test":


2013.04.16 16:36:24 org.jivesoftware.openfire.auth.AuthorizationManager - AuthorizationManager: Trying Default Policy.authorize(test\20test , Test Test@EXAMPLE.LOCAL)

2013.04.16 16:36:24 org.jivesoftware.openfire.auth.DefaultAuthorizationPolicy - DefaultAuthorizationPolicy: usernames don't match (test\20test Test Test)

2013.04.16 16:36:24 org.jivesoftware.openfire.net.SASLAuthentication - SASLAuthentication: SaslException

javax.security.sasl.SaslException: Problem with callback handler [Caused by javax.security.sasl.SaslException: Test Test@EXAMPLE.LOCAL is not authorized to connect as test\20test]

...

Caused by: javax.security.sasl.SaslException: Test Test@EXAMPLE.LOCAL is not authorized to connect as test\20test

 

code snippet from DefaultAuthorizationPolicy.java:

 

if(!userUser.toLowerCase().equals(authenUser.toLowerCase())){

    if (Log.isDebugEnabled()) {

        Log.debug("DefaultAuthorizationPolicy: usernames don't match ("+userUser+" "+authenUser+")");

    }

    return false;

}

 

What am I doing wrong? It is possible to use with usernames with spaces?

Outcomes